Important Notices

URL regular expression DoS (CVE-2007-1349)

A flaw was discovered in the Apache::PerlRun module shipped with
mod_perl 1.29 and earlier and in the ModPerl::RegistryCooker module
shipped with mod_perl 2.03 and earlier. A remote attacker could
craft a URL with a path that would be interpreted as a regular
expression, potentially allowing a denial of service by creating an
expression that will take a very long time to run. This
vulnerability only affects Apache::PerlRun and custom subclasses of
ModPerl::RegistryCooker that explicitly use the namespace_from_uri()
method. The Apache::Registry, ModPerl::PerlRun, and
ModPerl::Registry modules are NOT affected.

Users of mod_perl 1.29 and earlier are encouraged to upgrade to 1.30
if they use Apache::PerlRun for their applications. Users of
mod_perl 2.03 are encouraged to check their custom code for calls to
the namespace_from_uri() method and replace it with the
namespace_from_filename() method.

All of the release distribution packages have been digitally signed
(using PGP or GPG) by the Apache Group members that constructed them.
There will be an accompanying distribution.asc file
in the same directory as the distribution. The PGP keys can be found
at the MIT key repository and within this project's
KEYS file.

Always use the signature files to verify the authenticity
of the distribution, e.g.,

We offer MD5 hashes as an alternative to validate the integrity
of the downloaded files. A unix program called md5 or
md5sum is included in many unix distributions. It is
also available as part of GNU
Textutils. Windows users can get binary md5 programs from here, here, or
here.